Customers Are Enacting More Fraud Than Scammers – Cybercrime Report

LexisNexis® Risk Solutions latest Cybercrime Report shows a significant swing in the composition of global fraud attacks, with first-party fraud now the leading type in the UK, representing more than half (51%) of all reported fraud in 2024. The report is an analysis of over 104 billion global transactions in the LexisNexis® Digital Identity Network® platform over the past 12 months.

First-party fraud includes customers misrepresenting or giving false personal or account information for financial gain, such as when applying for a loan; banking customers claiming a credit or debit card purchase is fraudulent in order to get a refund (known as ‘friendly’ fraud); or claiming goods ordered online were not delivered. Buy Now, Pay Later (BNPL) providers and financial institutions are among the organisations reporting a particular uplift in first-party fraud.

Key vulnerabilities

Other forms of fraud also remain a threat. Account takeover (ATO) fraud – fuelled by phishing and smishing activity – accounts for15% of reported fraud in the UK. Common amongst this is password reset fraud, where a victim receives a password reset email and inadvertently surrenders their login details to a fraudster. Analysis found one in ten (10%) password reset attempts in the UK was a fraud attack last year, rising to over one in four (27%) reset attempts initiated on a desktop computer. 

“These findings represent a notable shift in global fraud patterns, with consumers now emerging as the single largest source of human-initiated fraud,” said Stephen Topliss, vice president of fraud and identity, LexisNexis Risk Solutions. “The change in composition of attacks presents a significant challenge for fraud prevention since detecting first party fraud requires a subtly different approach from detecting scams or account takeovers. Organisations can’t afford to be complacent, however – there were still more than three billion brute-force automated account takeover attacks detected last year alone and scams remain a global problem. It is vital for organisations to have models tuned to detect these varied forms of fraud.” 

Sector and regional trends

On a global level, the attack rate on Communication, Mobile and Media (CMM) companies increased by 15% year on year and global Financial Services firms saw an 18% uplift in automated bot attacks. LexisNexis Risk Solutions believes this could indicate underlying signs of a coming ‘fraud storm’ powered by AI.

Attack rates also varied at a regional level: 

• EMEA continues to see the lowest regional attack rate globally at 0.6% of transactions, according to the LexisNexis® Identity Abuse Index, which records daily attack rates.
• LATAM has also seen a sustained decrease in its attack rate (1.6%) since the end of 2023, now putting it lower than North America at 2.2%.
• In contrast, APAC’s attack rate grew significantly by 37% through 2024, now standing at 1.5% of all transactions in the region. 

Topliss continued, “We are at a potential tipping point. While many organisations have improved their defences over the past few years, we also know that cybercriminals are embracing new innovative, AI-enhanced capabilities and we will likely see these extensively tested and executed over the coming months. Our analysis of attacks over a longer multi-year period shows that significant attacks often come in waves and this latest set of figures could indicate the imminent arrival of the next, AI-enabled wave of global attacks.”